EU wants 'right to delete' for online personal data

EU wants 'right to delete' for online personal data

Summary: The European Commission is in the process of drawing up legislation which may allow citizens of EU member states to delete data stored by websites and services.

SHARE:

The European Commission is in the process of drawing up legislation which may allow citizens of EU member states to delete data stored by websites and services.

With vast amounts of data held on us, most of it we put on ourselves, from social networking sites to paywall news sites which require credit or debit card details.

The EU is concerned that the laws regarding information security and storage are outdated, and in their view citizens should be able to remove their data from these sites and services in a short, simple process.

The problem is in regards to where the data is stored and the legislation covered under the EU may not be applicable to services held on non-EU soil. EC legislators are also trying to improve data cohesion by empowering the ordinary citizen to gain control over their own data.

EU member states and the European Commission could enact the finished, updated policy and force companies with a presence within the EU to comply, or face rejection or ceasing service.

This will no doubt be welcomed news to EU students, as now the proposal may allow measures such as needing to change a name by deed poll to escape the past in order to avoid missed employment opportunities will be unnecessary.

Do you think this is a good idea? Have your say.

Topics: Government UK, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

24 comments
Log in or register to join the discussion
  • RE: EU wants 'right to delete' for online personal data

    IMHO: Good Idea.

    It's even a bit hard to imagine arguments against that...
    cgdams
  • RE: EU wants 'right to delete' for online personal data

    This will of course extend to erasing personal data from government databases, right? Hah. I joke. I can see it now -- the only way the good, kind-hearted Euro governments will know what personal data the evil corporations should be erasing is if the evil corporations turn it all over to the good, kind-hearted Euro governments. And let's make Eternal Sunshine of the Spotless Mind mandatory to delete data about interpersonal transactions, not just web-based ones.
    Vesicant
  • RE: EU wants 'right to delete' for online personal data

    I think it is a great idea. It would be good for the environment too because Facebook and Google would be able to take a lot of servers off line when they are done deleting all the personal data we don't want them storing about us.
    Mythos7
  • I can see Google fighting this tooth and nail.

    As "unfair" or "unjust".
    John Zern
    • Not only that, it would devalue Google and Facebook stocks, and that of

      any other entity that depends upon gathering data about people and their habits.

      If advertising cannot be targeted through the usage of collected data, chances are that Google and Facebood and Yahoo and Bing would suffer with reductions in profits.
      adornoe
      • RE: EU wants 'right to delete' for online personal data

        @adornoe@... " chances are that Google and Facebood and Yahoo and Bing would suffer with reductions in profits. ":

        Well, so be it then if that happens. That's what business is all about; running honest, trustworthy sites that don't covertly do ANYTHING to a user's machine. If they want data, let them ask me for it at a minimum, and if data is stored by agreement (passwords, etc. where cookies have a legitimate use), than that's fine as long as I was asked and had a legal recourse if they didn't follow up. 90% of web marketing is all messed up anyway by idiots and dumbos so let the user have the choice of whether they can have the data or not. And leaving credit cards: That is one of the silliest and stupidest rules on the net; I avoid them at all costs and look for substitue sites; NO webste is indispensable in today's world.

        I like the idea. OTOH I'm also not too concerned about the data they do gather on me; I'm careful, keep confidential data encrypted and routinely trim out the junk. I don't even allow cookies unless I get some personal benefit out of it.
        twaynesdomain-22354355019875063839220739305988
  • silly EU

    Incredibly idiotic concept. Keep the internet free. Don't censor. Don't let people dictate what you or I post. They have a name for that: slippery slope.

    gary
    gdstark13
    • Looks like you didn't read the blogger's piece....

      This is not about censoring by the government. This is about the users being given the capability to remove their data from internet web-sites which collect the users' private information.
      adornoe
      • RE: EU wants 'right to delete' for online personal data

        @adornoe@...

        Once your data is out there, you can never reverse the process. IT people know this. It's a feel-good proposition at best. The real answer is education...people should give up on the myth that anything they type into the internet will ever be private.

        gary
        gdstark13
      • gdstark: you're changing your original point; but even your "new" point

        is wrong.

        Your original post was uninformed, and even your new point is tangential to the discussion.

        But, no matter... I'll address it as well.

        <i>Once your data is out there, you can never reverse the process.</i>

        That's a duh!, point.

        Most people with any kind of experience in using the 'net already know this.

        <i>IT people know this.</i>

        It's not just IT people that know this. Most people using the 'net already know "this".

        <i>It's a feel-good proposition at best.</i>

        You may think of it that way, but any proposition which turns into law, and which is written with major penalty or misdemeanor or felony charges, can be very effective.

        <i>The real answer is education...</i>

        Most people with years of experience on the internet already know the consequences of divulging too much personal information on the internet. It's good to educate people on the consequences, but, a huge number of people won't listen, or won't learn their lessons, until they're the ones caught in the grip of a major scandal stemming from use of their information from the internet. The prevalent mentality out there is that, "those kind of problems only happen to others, and not to me". There is also the mentality which feels that they don't have any major secrets to hide, or that their information is useless; that is, until somebody does use that information for ID theft or to learn more about the owner of that information (stalking, as an example).

        <i>people should give up on the myth that anything they type into the internet will ever be private.</i>

        I don't think that was the topic of of this discussion although it's related. The topic was about the EU making websites give the users the right and ability to "delete" their data from websites.

        Now, if a law is drawn up to force websites to give people that ability, that law would have to be defined with penalties, including, in some cases, jail time for not putting the directives of that law into website management.

        Now, if a user "deletes" his/her information from a website, as of that date, the website should never again be able to use that person's personal data to target the person for advertising, or for website promotions, or to even contact that person, whether that data is physically deleted or just marked as "deleted" or "non-active". And, after "deletion", if personal data is used without authorization to the point that it causes harm to a person, such as a leak of a raunchy video from/by/relating to that user, then the website should be held liable for damages to the person who thought that his/her data had been "deleted". That's what the law would be about, and not about whether the person's data was already out there or not; and it's also not about the lack of education about the dangers of the internet. Once a person recognizes the mistakes of divulging too much information, that person should be given the chance to "delete" that damaging information.

        Get it?!?
        adornoe
      • RE: EU wants 'right to delete' for online personal data

        @adornoe@...

        As the article points out, the EU can't simply order the world to follow its laws, so that's problem #1.

        Here's another problem...suppose you've made orders from Amazon.com. Now you want Amazon to delete all of your data. Do they also delete any record of your purchases? If so, wouldn't that make returns difficult if they never heard of you? Or suppose I purchase a gun. Would it be a problem to law enforcement if all evidence of the purchase is conveniently erased?

        As someone who works with SQL, I'd like a few more details about how you think this is supposed to work. Do you REALLY want to delete the requestor's record personal record? That's a problem as there are typically many records attached to this identification record. Not saying it's impossible, but I'd like to hear the details on the implementation.

        Back on the facebook thing, what happens to conversations that you participated in...do each of your responses get deleted? Or any conversation you participated in? And what if someone refers to you by name in a conversation...do you expect facebook to delete those references?

        Personally I've walked away from sites from time to time (including Facebook). I've never felt like I wanted my information erased. Since I never gave them anything I cared about, I never wanted it back. I'm not saying that privacy isn't an issue with websites...just that this erasure idea doesn't seem very well thought out.

        gary
        gdstark13
      • gdstark: you're still misunderstanding the purpose for the EU's concerns...

        <i>As the article points out, the EU can't simply order the world to follow its laws, so that's problem #1.</i><br><br>That is not "the problem" and it's not a problem at all. The EU, as a whole, or any individual country, has a right to impose whatever regulations it wishes on internet collectors of personal information from individuals. Notice that the key phrase is "personal information". But, to be on the safe side, any website that receives a request from a user to "delete" his/her information, should go ahead and issue a "delete" which would encompass any and all countries where the website might be viewed/used.<br><br><i>Here's another problem...suppose you've made orders from Amazon.com. Now you want Amazon to delete all of your data. Do they also delete any record of your purchases? If so, wouldn't that make returns difficult if they never heard of you? Or suppose I purchase a gun. Would it be a problem to law enforcement if all evidence of the purchase is conveniently erased?</i><br><br>Yet, that's not what the EU or any country country would have in mind when it comes to "personal information". <br><br>What you're talking about is a business transaction, for which a business needs to gather identifying and location information. That kind of transaction does NOT involve gathering people's browsing habits, or chatting habits, or video/image uploads, or video/image downloads, or recording of every place a person visits on the internet. That is what "privacy issues" are about. <br><br>Now, once a business transaction is completed and it's not one of those that can be tagged as "concerning" to law enforcement agencies, then, if a person requests to be taken off that websites "customer list", then the website should fulfill that request and delete the customer's data; in the least, the customer should be tagged as inactive with the purpose of eventual deletion.<br><br><br>When it comes to places such as Facebook and MySpace and Google or any other place whose business does depend upon the gathering of personal information about their customers/visitors, then, the EU idea is a lot more pertinent. <br><br>The EU idea is not about preventing followups on business transactions, and when a company does take orders via the internet, then the customer should be given the chance to opt-out of any future contacts not related to the customer's transactions; in other words, the company can be prevented from targeting a customer for advertising any of it's products or services.<br><br><br><i>As someone who works with SQL, I'd like a few more details about how you think this is supposed to work.</i><br><br>I also work with SQL; in fact, I'm an expert with SQL. But, this matter from the EU is not a problem which needs to concern the requests to remove "personal and non-business related information". Get it?<br><br><br><i>Do you REALLY want to delete the requestor's record personal record?</i><br><br>When it comes to identifying and location information related to a business transaction, then the business has a right to keep and maintain that data. But, the EU suggestion is not about "business related" transactions.<br><br><br><i>That's a problem as there are typically many records attached to this identification record. Not saying it's impossible, but I'd like to hear the details on the implementation.</i><br><br>When it comes to either business-related or personal-and-private gathering of information, the SQL implementation should not be a problem at all.<br><br>A record in a database which "identifies" a person, should have a field for flagging whether a person has made a request for "deletion". Once the "deletion" is requested by the customer, that record is tagged as "I" (inactive), and not transactions or gathering of information should be allowed from that point on. The "I" remains on the record for a specified period of time, say, 3 months or a year or whatever is deemed adequate. Once the "I" period is up, the record is tagged as "D" and only an ID record should remain on the database and all other records related to the person, should be "physically" deleted and not even stored "off-line". The ID record, with the "D" (delete) tag should be kept as sort of a "no-call" list, which should be a warning to the website that collecting information for that user is prohibited. The user can make a request to change that status, and with that request. the "D" is changed to "A" for active. But, no data gathered in the past should be allowed to get back on-line for that user. In other words, it's a "fresh-start" for that user.<br><br><i>Back on the facebook thing, what happens to conversations that you participated in...do each of your responses get deleted? Or any conversation you participated in?</i><br><br>Responses/posts don't need to be physically deleted. Once a user requests to be "deleted", then his/her posts and responses should be "blocked" from appearing on the site or in a thread or conversation. That should not be a problem for programming or for database design.<br><br><br><i>And what if someone refers to you by name in a conversation...do you expect facebook to delete those references?</i><br><br>Now you're getting ridiculous.
        adornoe
      • RE: EU wants 'right to delete' for online personal data

        @adornoe@...

        I don't understand your answer to the "#1 problem", that of jurisdiction. How could the EU enforce laws on companies not in the EU. As you say, any contry can impose whatever laws it wants, but that's obviously not the same as enforcing those laws. That's why the idea seems impractical to me.

        gary
        gdstark13
      • gdstark: you're still misunderstanding (continued...)

        <i>And what if someone refers to you by name in a conversation...do you expect facebook to delete those references?</i><br><br>Now you're getting ridiculous.<br><br><br>That's not the same as keeping the personal and private information from a user, is it? The EU's suggestion if about removing personal information gathered by a site or which was originally willingly provided by the user. A name or ID by itself is not that damaging. If a "friend" or "acquaintance" of the deleted user posts damaging information about the deleted user, then the deleted user can make a further request to remove the damaging or slanderous information from the other poster. But then, the "deleted" user would have to be viewing/reading the posted information, or somebody else would have to inform the "deleted" user. There is no way that a system for deletion on the internet is going to be perfect and no one can program for that. <br><br><i>Personally I've walked away from sites from time to time (including Facebook). I've never felt like I wanted my information erased. Since I never gave them anything I cared about, I never wanted it back. I'm not saying that privacy isn't an issue with websites...just that this erasure idea doesn't seem very well thought out.</i><br><br>The idea is not a very hard one to implement. What would be hard is going backwards to erasing what was gathered that wasn't personally identifiable for a single person. But, going forward, it shouldn't be that much of a headache other than the sheer size of the effort for some major sites.
        adornoe
      • gdstark: I already offered a solution to your "#1 problem"...

        Notice where I stated:<br><br><b>But, to be on the safe side, any website that receives a request from a user to "delete" his/her information, should go ahead and issue a "delete" which would encompass any and all countries where the website might be viewed/used.</b><br><br>The EU cannot impose it's laws or regulations on the entirety of the internet, thus, my "to be on the safe side" statement above.
        adornoe
    • RE: EU wants 'right to delete' for online personal data

      @gdstark13

      Did you actually read this? It's nothing to do with censoring the internet or dictating what people post, it is about giving people the right to reclaim their personal data, should they decide they don't want a company to have it anymore.
      OffsideInVancouver
  • They should go one step further and band Google and their creepy engineers

    that will solve 99.9% of the data thief problems there.
    iPad-awan
    • RE: EU wants 'right to delete' for online personal data

      @iPad-awan

      Uh, no. Most identity theft is still achieved through analog means. The biggest element of identity theft online is the online blackmarket of personal data. Which is to say, if the good guys neglect to use the web, it just gives freer reign to the criminals. Oh, here's the perfect example. Japan was so good at using guns in warfare, that they forbid guns in Japan. It reduced internal strife for a little bitty bit, until the upstart U.S. wandered in and forced the entire nation into submission with 3 ships. Same thing. It's stupid to be afraid of tools. Fear the people using them.
      tkejlboom
  • they should go future

    yes it is a good idea! sites such as facebook don't allow you to right away delete your information or cancle your account right then. this is us self sensoring our selfs and should be our personal rights to do so. not wait 30 or mores days to have the account closed and deleted. which is a ha ha!

    EU turn the screws down tightly on these sites.
    charlieg1
  • Go one step futher

    Let people own their own personal data and anyone publishing it online without permission are subject to copyright law. If they get it wrong like outdated data that is derogatory, slap on some libelous litigation. Companies will think many times to post and be ever diligent to get it accurate.
    osreinstall